Privacy of location information

ABSTRACT

An arrangement for providing privacy settings for determining whether location information for a subscriber can be provided to a requesting party is described. The privacy settings are at least partially based on presence information for the subscriber. A gateway mobile location center (GMLC) selectively provides the location information regarding subscribers on request, in accordance with the privacy settings.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of co-pending U.S. application Ser. No. 13/263,348, filed on Nov. 23, 2011, which is a U.S. National Phase Application of PCT/EP2009/054176, filed on Apr. 8, 2009. The contents of these applications are hereby incorporated in their entireties by reference herein.

BACKGROUND

1. Field

The invention is related to the provision of location information regarding a user, such as the user of a mobile communication device, to a third party. In particular, the invention is related to the privacy of such location information.

2. Description of Related Art

It is recognised in the art that privacy is important to the provision of location based service (LBS) solutions for cellular networks. For example, 3GPP LoCation Services (LCS) and Open Mobile Alliance (OMA) Secure User Plane Location (SUPL) standards include mechanisms to enable subscribers to control, to some degree, who can locate them.

FIG. 1 is a block diagram of a system, indicated generally by the reference numeral 2, demonstrating the protection of user privacy in an LBS system. The system 2 comprises a location based service (LBS) client 4 and a Gateway Mobile Location Centre (GMLC) 6. The GMLC 6 includes a privacy manager (PM) 8.

The GMLC 6 enables the LBS client 4 to request information regarding the location of a defined subscriber. For example, the GMLC 6 may support the 3GPP Gateway Mobile Location Centre (GMLC) and OMA SUPL Location Platform (SLP) functionalities.

The privacy manager 8 enables subscribers to control their privacy settings. Thus, the privacy manager 8 ensures that location information is only disclosed to the LBS client 4 in accordance with rules specified by the subscriber. By way of example, the privacy manager 8 may contain a privacy profile set by a subscriber having some of the following features:

- Subscribers may define services that are allowed to access their location information.
- Subscribers may define services that are not allowed to access their location information.
- Subscribers may limit exposing their location information to a group of named people.
- Subscribers may limit when and/or where they allow themselves to be located.

By way of example, a subscriber may specify in his privacy settings that any individual listed as being his friend can locate him at the weekend (but not between Monday and Friday), but only if the subscriber is located in Helsinki.

Although currently available systems enable a user to set a privacy profile, the profile is typically static. Any changes to the profile need to be set by a user; this is time-consuming and inconvenient for the user.

The present invention seeks to address at least some of the problems outlined above.

SUMMARY

The present invention provides a method comprising receiving a request for location data concerning a first user and determining whether or not to provide location data in response to the request. The determination of whether or not to provide the location data is at least partially based on presence information for the first user. The presence information includes at least one of reachability of the first user, willingness of the first user to communicate, and current communication capabilities of the first user. The determination of whether or not to provide the location data is carried out by a gateway mobile centre or a privacy manager.

The present invention also provides an apparatus comprising a first input for receiving a request for location data for a first user and a processing unit for determining whether or not to provide the requested location data in response to the request. The processing unit is configured to respond to the request based, at least in part, on presence information for the first user. The presence information includes at least one of reachability of the first user, willingness of the first user to communicate, and current communication capabilities of the first user. The apparatus comprises one of a gateway mobile centre or a privacy manager.

The present invention also provides a non-transitory computer readable medium having instructions stored thereon which, when executed by a processor, cause the processor to carry out a method. The method comprises receiving a request for location data concerning a first user, and determining whether or not to provide location data in response to the request. The determination of whether or not to provide the location data is at least partially based on presence information for the first user. The presence information includes at least one of reachability of the first user, willingness of the first user to communicate, and current communication capabilities of the first user. The determination of whether or not to provide the location data is carried out by a gateway mobile centre or a privacy manager.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the invention are described below, by way of example only, with reference to the following numbered drawings.

FIG. 1 is a block diagram of a system demonstrating the protection of user privacy in an LBS system;

FIG. 2 is a block diagram of a system in accordance with an aspect of the invention;

FIG. 3 is a flow chart demonstrating an aspect of the invention; and

FIG. 4 shows a message sequence in accordance with an aspect of the invention.

DETAILED DESCRIPTION

The present invention makes use of presence information for location information privacy control. The invention enables presence information to be taken into consideration when deciding whether or not location data for a subscriber should be provided to a requesting party. By way of example, the presence status of a user may include one or more of the reachability of the user, the willingness of the user to communicate and the current communication capabilities of the user. Of course, other presence information may be provided in addition to, or instead of, the examples provided above.

The invention may also include obtaining said presence information, for example using session initiation protocol (SIP) messages. In one form of the invention, SIP SUBSCRIBE and NOTIFY messages are exchanged such that the processing means (or the controller) can be informed of any changes in the presence status of the first user (or any other user).

In some forms of the invention, the presence information is received from a presence enabler.

In addition to the presence status of the first user, many other factors may be taken into account. By way of example, one or more of the following may be taken into account when determining whether or not to provide said location data: the location of the first user, the identity of the requesting party and the current time. Another factor that may be taken into account is the type of requesting party; for example, in some situations, an application that belongs to the category of "roadside assistance" may be allowed to receive location data concerning the first user.

In some forms of the invention, the request may be received from a location based service client.

The request may be a mobile location protocol (MLP) request.

The determination of whether or not to provide said location data may be carried out by a gateway mobile location centre. The determination of whether or not to provide said location data may be carried out by a privacy manager. The determination of whether or not to provide said location data may be carried out by a gateway mobile location centre in conjunction with a privacy manager. The privacy manager may form part of the gateway mobile location centre, or may be a separate component that is in communication with the gateway mobile location centre.

Presence information refers to dynamic information concerning a subscriber, and typically refers to the availability and/or willingness of the subscriber to communicate with others. Presentity refers to an entity that has presence information associated with it. Presence information includes, for example, status, reachability, willingness to communicate and capabilities of that presentity. Although a presentity is often a subscriber, it can also, for example, be a role such as a help desk.

The use of presence information for location information privacy control enables presence information (which is often already available) to create dynamic and flexible privacy settings. Presence status can be taken into consideration when it is decided whether or not location information is to be disclosed to a location based service (LBS) client.

By way of example, a subscriber may define that he/she can be located only when all of the following conditions are met:

1. It is a weekday (i.e. Monday to Friday).
2. The time is between 8 am and 4 pm.
3. The subscriber's presence state is "in meeting".

FIG. 2 is a block diagram of a system, indicated generally by the reference numeral 10, that enables presence information to be used for location information privacy control.

The system 10 comprises a location based services (LBS) client 12, a Gateway Mobile Location Centre (GMLC) 14, and a presence enabler 16. The GMLC 14 comprises a privacy manager 18. The privacy manager 18 is shown in FIG. 2 as being part of the GMLC 14 but could also be provided as a separate module that is in communication with the GMLC. The LBS client 12, GMLC 14 and privacy manager 18 are similar to the LBS client 4, GMLC 6 and privacy manager 8 described above with reference to FIG. 1.

The presence enabler 16 is in communication with one or more subscribers (not shown) and stores presence information for one or more subscribers. This presence information is used by the privacy manager to control access to location information, as discussed further below.

It should be noted that the elements of the system 10 are all known. The present invention lies in the combination of those elements and the way in which those elements are used, as discussed further below.

FIG. 3 is a flow chart, indicated generally by the reference numeral 30, showing an exemplary algorithm in accordance with the present invention.

The algorithm 30 starts at step 32, where the GMLC 14 receives a mobile location protocol (MLP) request from the LBS client 12 for location information regarding a particular subscriber. MLP is a protocol specified by the Open Mobile Alliance (OMA) for obtaining the position of mobile devices (such as mobile communication devices). Of course, MLP is one of a variety of protocols that could be used to request and provide location data. Although the invention is described with reference to the MLP protocol, the invention is not so limited.

An exemplary MLP Request (a so-called Standard Location Immediate Request (SLIR)) is given below.

    <slir ver="3.3.0" res_type="SYNC">
      <msids>
        <msid type="IPV4">93.10.0.250</msid>
        <msid_range>
          <start_msid><msid>461018765710</msid></start_msid>
          <stop_msid><msid>461018765712</msid></stop_msid>
        </msid_range>
        <msid type="ASID">441728922342</msid>
        <msid_range>
          <start_msid><msid>461018765720</msid></start_msid>
          <stop_msid><msid>461018765728</msid></stop_msid>
        </msid_range>
      </msids>
      <eqop>
        <resp_req type="LOW_DELAY" />
        <hor_acc>1000</hor_acc>
      </eqop>
      <geo_info>
        <CoordinateReferenceSystem>
          <Identifier>
            <code>4004</code>
            <codeSpace>EPSG</codeSpace>
            <edition>6.1</edition>
          </Identifier>
        </CoordinateReferenceSystem>
      </geo_info>
      <loc_type type="CURRENT_OR_LAST" />
      <prio type="HIGH" />
    </slir>

In response to the MLP request 32, the GMLC 14 determines (in step 34) whether presence information for the subscriber concerned is required. The step 34 may include the GMLC 14 asking the presence enabler 16 whether the presence enabler already has the required presence data for the subscriber concerned, as discussed further below.

If presence data is required, the algorithm 30 moves to step 36, where the presence enabler 16 requests the required presence data from the subscriber. Once the presence data has been obtained, the algorithm moves to step 38.

If, at step 34, presence data is deemed not to be required, the algorithm 30 moves from step 34 directly to step 38.

At step 38, the GMLC obtains any other parameters that may be relevant to determining whether the conditions required to expose a subscriber's location information are met. By way of example, the other parameters may include the time of day or the day of the week. Of course, if no such conditions exist, then the step 38 could be omitted.

From step 38, the algorithm moves to step 40, where the privacy manager 18 (or, in some embodiments, the GMLC 14) determines whether the conditions required in order to expose the subscriber's location information are met. If the conditions are not met, then the algorithm 30 terminates at step 42, at which step an error message is returned to the LBS client 12, indicating that location information cannot be provided. If the conditions are met, then the algorithm 30 terminates at step 44, at which step the location information is returned to the LBS client 12.

An exemplary MLP location response (a so-called Standard Location Immediate Answer (SLIA)) is given below. The response provides several examples, the first of which provide the requested location data (thereby implementing step 44 of the algorithm 30) and the last of which returns a "not attainable" response (thereby implementing step 42 of the algorithm 30).

    <slia ver="3.3.0">
      <pos>
        <msid>461011334411</msid>
        <pd>
          <time utc_off="+0200">20020623134453</time>
          <shape>
            <CircularArea srsName="www.epsg.org#4326">
              <coord>
                <X>30 16 28.308N</X>
                <Y>45 15 33.444E</Y>
              </coord>
              <radius>240</radius>
            </CircularArea>
          </shape>
        </pd>
      </pos>
      <pos>
        <msid>461018765710</msid>
        <pd>
          <time utc_off="+0300">20020623134454</time>
          <shape>
            <CircularArea srsName="www.epsg.org#4326">
              <coord>
                <X>30 12 28.296N</X>
                <Y>86 56 33.864E</Y>
              </coord>
              <radius>570</radius>
            </CircularArea>
          </shape>
        </pd>
      </pos>
      <pos>
        <msid>461018765711</msid>
        <pd>
          <time utc_off="+0300">20020623110205</time>
          <shape>
            <CircularArea srsName="www.epsg.org#4326">
              <coord>
                <X>78 12 34.308N</X>
                <Y>76 22 2.82E</Y>
              </coord>
              <radius>15</radius>
            </CircularArea>
          </shape>
        </pd>
      </pos>
      <pos>
        <msid>461018765712</msid>
        <poserr>
          <result resid="10">QOP NOT ATTAINABLE</result>
          <time>20020623134454</time>
        </poserr>
      </pos>
    </slia>

As discussed above, a subscriber may define that he/she can be located only when all of the following conditions are met:

1. It is a weekday (i.e. Monday to Friday).
2. The time is between 8 am and 4 pm.
3. The subscriber's presence state is "in meeting".

In the event that a third party requests location information for that subscriber, step 36 of the algorithm 30 determines whether or not the subscriber's presence state is "in meeting" and step 38 of the algorithm 30 determines the day of the week and the current time. Step 40 then uses the data obtained in steps 36 and 38 to determine whether or not to provide the requested data.

In some forms of the invention, presence information for subscribers may be obtained as a background process, so that it is not necessary to determine whether up-to-date presence information needs to be obtained. In such an arrangement, the steps 34 and 36 of the algorithm 30 can be omitted.

In some forms of the invention, the privacy manager 18 may obtain presence information from the presence enabler 16 using the well-known session initiation protocol (SIP). In particular, the subscribe/notify mechanism of SIP may be used. As discussed further below, if the SIP subscribe/notify mechanism is used, then steps 34 and 36 of the algorithm 30 can be omitted.

FIG. 4 shows a message sequence, indicated generally by the reference numeral 50, showing the transfer of messages between the LBS client 12, GMLC 14, privacy manager (PM) 18 and presence enabler (PE) 16, in accordance with an exemplary embodiment of the present invention.

The message sequence 50 begins with the privacy manager 18 issuing a SIP SUBSCRIBE message 52 to the presence enabler 16. The message 52 instructs the presence enabler 16 to inform the privacy manager 18 each time the presence information for one or more specified subscribers changes. The presence enabler 16 is in communication with the relevant subscribers (not shown) in a manner well known in the art.

In response to the message 52, the presence enabler 16 sends a SIP NOTIFY message 54 to the privacy manager 18 providing the presence information for the specified subscriber(s).

A further SIP NOTIFY message 56 is sent from the presence enabler 16 to the privacy manager 18 each time the presence information for a specified subscriber changes. In the message sequence 50 two SIP NOTIFY messages are shown (the messages 54 and 56). Of course, in any particular implementation, the number of NOTIFY messages sent from the presence enabler 16 to the privacy manager 18 may vary greatly.

At some point, the LBS client issues an MLP request 58 to the GMLC 14 requesting location information for a particular subscriber. The MLP request 58 is, of course, similar to the request 32 described above with reference to FIG. 3.

In response to the request 58, the GMLC 14 sends a message 60 to the privacy manager 18 asking whether the condition(s) required for providing location information for that subscriber are met. The privacy manager determines the answer to this question on the basis of the presence information obtained from the SIP NOTIFY messages 54 and 56 and provides an answer in message 62 sent to the GMLC 14.

On receipt of the message 62, the GMLC provides a response 64 to the MLP request 58. The response 64 may provide the requested location information (as in step 44 of the algorithm 30) or may indicate that location information cannot be provided (as in step 42 of the algorithm 30).

In the message sequence 50, the steps 34 and 36 of the algorithm 30 described above with reference to FIG. 3 are omitted. This is because up-to-date presence information concerning the subscribers has been obtained by means of the SIP NOTIFY messages 54 and 56. Furthermore, step 38 may be omitted if no additional parameters are considered.
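The step 40 decision for the three example conditions, combined with the NOTIFY-driven flow of FIG. 4, can be sketched as follows. This is an added example, not code from the patent; the class and function names, the in-memory dictionaries, the exclusive 4 pm boundary and the fail-closed handling of a subscriber with no known presence are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class PrivacyConditions:
    """Conditions that must ALL hold before location is disclosed."""
    weekdays: frozenset   # datetime.weekday() values, Monday == 0
    start: time           # inclusive start of the allowed interval
    end: time             # exclusive end (assumption; the text says "between")
    presence_state: str   # required presence state


class PrivacyManager:
    """Hypothetical privacy manager 18 holding profiles and cached presence."""

    def __init__(self):
        self._conditions = {}  # subscriber id -> PrivacyConditions
        self._presence = {}    # subscriber id -> last notified presence state

    def define_conditions(self, msid, conditions):
        self._conditions[msid] = conditions

    def on_notify(self, msid, presence_state):
        """Record the presence carried by a SIP NOTIFY (messages 54 and 56)."""
        self._presence[msid] = presence_state

    def conditions_met(self, msid, now):
        """Answer the GMLC query (messages 60 and 62); step 40 of FIG. 3."""
        cond = self._conditions.get(msid)
        presence = self._presence.get(msid)
        if cond is None or presence is None:
            # Assumption: no profile or no presence received yet means deny.
            return False
        return (now.weekday() in cond.weekdays
                and cond.start <= now.time() < cond.end
                and presence == cond.presence_state)


def gmlc_handle_request(pm, locations, msid, now):
    """Steps 42 and 44: disclose only when the privacy manager agrees."""
    if pm.conditions_met(msid, now) and msid in locations:
        return {"msid": msid, "pos": locations[msid]}
    return {"msid": msid, "poserr": "location cannot be provided"}


if __name__ == "__main__":
    # Constructed sample data: the coordinates are made up for the demo.
    msid = "461018765710"
    locations = {msid: (60.17, 24.94)}
    pm = PrivacyManager()
    pm.define_conditions(msid, PrivacyConditions(
        weekdays=frozenset(range(5)),  # Monday to Friday
        start=time(8, 0), end=time(16, 0),
        presence_state="in meeting"))

    wednesday_10am = datetime(2009, 4, 8, 10, 0)
    print(gmlc_handle_request(pm, locations, msid, wednesday_10am))  # denied
    pm.on_notify(msid, "in meeting")
    print(gmlc_handle_request(pm, locations, msid, wednesday_10am))  # allowed
    pm.on_notify(msid, "available")
    print(gmlc_handle_request(pm, locations, msid, wednesday_10am))  # denied
```

Because the decision reads only the cached presence, a request that arrives before the first NOTIFY is refused rather than answered from a default.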

The embodiments of the invention described above are illustrative rather than restrictive. It will be apparent to those skilled in the art that the above devices and methods may incorporate a number of modifications without departing from the general scope of the invention. It is intended to include all such modifications within the scope of the invention insofar as they fall within the scope of the appended claims.

We claim:
 1. A method for obtaining authorization for obtaining location information in a communication network, the method comprising: defining privacy conditions for a first user in a privacy manager, wherein the conditions control providing location information of a first user; storing the privacy conditions in a privacy manager; receiving, at the privacy manager, updates of social presence information of the first user based on information of the first user received at a social presence enabler, wherein the social presence information of the first user comprises reachability of the first user, willingness of the first user to communicate, and current communication capabilities of the first user; receiving, at a gateway mobile location centre, a request for location data concerning the first user; sending, from the gateway mobile location centre, a query message to the privacy manager to determine whether any condition required for providing location information of the first subscriber is met; determining, by the privacy manager, an answer to the query on the basis of the privacy conditions and social presence information; sending, from the privacy manager to the gateway mobile location centre, the answer to the query; and in response to the answer, providing, from the gateway mobile location centre, one of the location information of the first user or an indication that the location information of the first user cannot be provided, wherein the privacy conditions comprise a particular day within a given week, a predetermined time interval within a particular day of the given week, and a presence state of the first user.
 2. The method of claim 1, wherein one of the conditions required for providing the location information of the first user comprises consideration of the location of the first user.
 3. An apparatus, comprising: at least one processor; and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured to with the at least one processor, cause the apparatus to: define privacy conditions for a first user in a privacy manager, wherein the conditions control providing location information of a first user; store the privacy conditions in a privacy manager; receive, at the privacy manager, updates of social presence information of the first user based on information of the first user received at a social presence enabler, wherein the social presence information of the first user comprises reachability of the first user, willingness of the first user to communicate, and current communication capabilities of the first user; receive, at a gateway mobile location centre, a request for location data concerning the first user; send, from the gateway mobile location centre, a query message to the privacy manager to determine whether any condition required for providing location information of the first subscriber is met; determine, by the privacy manager, an answer to the query on the basis of the privacy conditions and social presence information; send, from the privacy manager to the gateway mobile location centre, the answer to the query; and in response to the answer, provide, from the gateway mobile location centre, one of the location information of the first user or an indication that the location information of the first user cannot be provided, wherein the privacy conditions comprise a particular day within a given week, a predetermined time interval within a particular day of the given week, and a presence state of the first user.
 4. The apparatus of claim 3, wherein the at least one memory and the computer program code are configured to with the at least one processor, cause the apparatus to receive, at the privacy manager, social presence information of the first user.
 5. The apparatus of claim 3, wherein said social presence information is received from a social presence enabler.
 6. A non-transitory computer readable medium having instructions stored thereon which, when executed by a processor, cause the processor to carry out a method, the method comprising: defining privacy settings for a first user in a privacy manager, the privacy settings establishing conditions for providing location information of the first user; defining privacy conditions for a first user in a privacy manager, wherein the conditions control providing location information of a first user; storing the privacy conditions in a privacy manager; receiving, at the privacy manager, updates of social presence information of the first user based on information of the first user received at a social presence enabler, wherein the social presence information of the first user comprises reachability of the first user, willingness of the first user to communicate, and current communication capabilities of the first user; receiving, at a gateway mobile location centre, a request for location data concerning the first user; sending, from the gateway mobile location centre, a query message to the privacy manager to determine whether any condition required for providing location information of the first subscriber is met; determining, by the privacy manager, an answer to the query on the basis of the privacy conditions and social presence information; sending, from the privacy manager to the gateway mobile location centre, the answer to the query; and in response to the answer, providing, from the gateway mobile location centre, one of the location information of the first user or an indication that the location information of the first user cannot be provided, wherein the privacy conditions comprise a particular day within a given week, a predetermined time interval within a particular day of the given week, and a presence state of the first user.
 7. The method of claim 1, wherein the social presence enabler is in communication with the first user.
 8. The apparatus of claim 3, wherein the social presence enabler is in communication with the first user.
 9. The non-transitory computer readable medium of claim 6, wherein the social presence enabler is in communication with the first user.